Dropbox Accounts Accidentally Open to All for 4 Hours

A code update Monday afternoon introduced a bug which made Dropbox accounts password-free, meaning anyone could have logged into anyone else’s account with only the email address, for about four hours. The breach occurred between 1:54pm and 5:41pm Pacific time and was fixed at 5:46pm. According to Dropbox’s blog post, however, only less than one percent of users logged in during that period.

Security has always been a major concern with most cloud-based storage service, and this recent episode will clearly not help in building that confidence. Security concerns over who is able to access the stored data was also recently raised in May when a Christopher Soghoian, a cybersecurity fellow at Indiana University, filed a complaint with the Federal Trade Commission, asking the FTC to investigate Dropbox over allegedly misleading customers about their data protection.

Cloud-based storage security can also come in other forms, however, like encrypting your data before storage. Of course, encrypting your data first would mean you would not be able to use cloud-based services and tools that have to be able to read your data, like GoogleDocs for instance. But if you are only using the cloud service for storage, like Dropbox, encrypting your sensitive docs is an easy way to add an extra layer of security.